Advanced Network Security (CS4155)
About this courseET4397IN provides a general overview of network security, attacks and countermeasures. In Advanced Network Security, we will go a lot deeper and take a more technical approach to communication security.
The learning goal of ET4397IN is that you can perform a risk analysis, understand the principle of specific attacks and which countermeasures would neutralize them, in CS4155 we will understand these attacks in detail and learn how to design and actually implement countermeasures as practice.
For example, while in the 5 EC course we explain general vulnerabilities of the WiFi protocols, in advanced network security we dive into the cryptographic and algorithmic background behind these attacks, and build an intrusion detection module that will detect an attack and actively defend the local network against it. We also do review code of specific vulnerabilities in detail, and see how advertiseries map these into PoC exploits and learn how we can detect their presence through network monitoring.
In CS4155, we will have
- 6 lecture hours per week (instead of 4) which go substantially deeper than ET4397IN,
- additional 3h of weekly security labs, covering one specific vulnerability end-to-end and investigate defenses against it,
- a engineering assignment, which teaches you over the term the fundamental concepts and algorithms behind an IDS/IPS system.
Course ContentThe following shows the topics discussed in CS4155, the additions to ET4379IN are indicated in blue:
Physical Layer Security
How are telecom networks made? Protection strategies for cables, wireless links and physical installations. Network resilience planning strategies of network operators to withstand disasters and solve infrastructure dependencies. Benefits and limits of physical layer security: or how the bad guys can still tap into communication; Secure (network) device lifecycle management
Link Layer Security
How the Ethernet link layer works and why it is so insecure! Switch design and switch protocols. Port security, VLANs. The 802.11 protocol suite, WEP and WPS. WPA2, WPS, 802.1X port-based network access control, 802.1AE MAC security. The security of GSM and telecom networks.
Best network design practices. How to do network reconnaissance. Address spoofing and associated network attacks. Hijacking the DNS system and effective detection and protection techniques. Secure and Covert Tunnels. IPSec. The policy origin of the Internet and how it influences the deployment of controls. BGP, RPKI and BGPSec.
Reconnaissance and attacks using the TCP protocol. Secure Sockets Layer and Chains of Trust. Certificate transparency and selected SSL/TLS attacks.
Application and Web Security
Using software vulnerabilities to gain system access. Finding adversaries with Intrusion Detection Systems and Honeypots. Theory and Practice of Firewalls. Security of E-Mail and VoIP, telephony, and messager security protocols.
Meta-data leakages of network protocols. Mix networks and onion routing
Risk Incident Management
Developing a risk management plan. Cyber threat intelligence management and integration. Network incident response and fundamentals of bsiness continuity management.
Building an IDS/IPS
In the project, we will cover in each week one of the fundamental engineering challenges around a network monitoring and defense solution.
Two audiences, two options
As knowledge of network security has become essential for many disciplines and the course network security is listed in multiple study programs, there are now two variants that cater for the different backgrounds and needs. ET4397IN Network Security covers the concepts of network security, current vulnerabilities and appropriate countermeasures. Students are not required to program, both homeworks and final exam are textual questions on the key ideas. In CS4155 Advanced Network Security, students get in addition to the theory also the opportunity for studying vulnerabilities and countermeasures in networking systems and communication protocols in detail, including in-depth study of protocol security analysis as well as a handson implementation of defense mechanisms on actual systems.
Which course is right for me?
- Lecture Hours
- Learning Goal
- Teaching Method
- Study time per week
approx. based on student surveys
- 4 hours per week
- Understanding of network security key concepts and principles
- Interactive lectures
- Basic understanding of networks,
no programming background required
- see demos in lecture
- 60% exam*, 40% homeworks with conceptual questions
(* Exam may be replaced with a software/hardware project)
- 10 - 15 h
CS4155 Advanced Network Security
- 6 hours/week, plus 3h lab
- Understanding, and the ability to perform network detection and implement defenses
- Interactive lectures, programming tasks / labs
- Understanding of networks and strong programming background
- see demos and experiment in labs
- 40% exam, 60% from homeworks about in-depth protocol analysis/data minining, programming exercises and labs
- 25 - 30 h